FinCEN, IRS must better manage data: GAO

The Financial Crimes Enforcement Network (FinCEN) and the IRS need to better coordinate and manage bank data used to track money laundering and terrorist financing, especially after a major FinCEN data-sharing system failed earlier this year, according to a recent report from the Government Accountability Office.

That system was to be the foundation of a broader data management and business process re-engineering effort.

The failure of the BSA Direct Retrieval and Sharing system was a considerable setback, said James White, GAO's director of tax issues on its strategic issues team. FinCEN will need to take a measured and disciplined approach to strengthening its ability to oversee and manage information technology projects, he added.

'Significant changes, such as FinCEN's data management re-engineering effort, are complex and slow to implement, requiring a long-term but flexible strategy and a strong and consistent focus to be successful,' White said in the report.

Financial institutions and industries such as casinos, insurers and precious stones and metals dealers report suspicious transactions and currency transactions exceeding $10,000 under the Bank Secrecy Act and expanded under the USA Patriot Act. Law enforcement uses this data to detect and prevent financial crimes.

FinCEN, which oversees the administration of BSA and controls law enforcement access to the data, does not have a plan to re-engineer BSA data management activities even after it pulled the plug on the BSA Direct system after spending $14 million on it. FinCEN started investing in the system development before it had a long-term plan for re-engineering BSA data management responsibilities. The system suffered from poor project management and oversight, GAO said.

At the same time, FinCEN did not communicate and coordinate its plans with the IRS, which had developed its own system, WebCBRS, with many of the same capabilities as BSA Direct. FinCEN migrated to WebCBRS when BSA Direct failed.

The IRS has three roles relating to BSA data: the tax agency examines data for compliance, investigates possible criminal violations and collects and stores the reports of financial transactions.

But IRS has difficulties in identifying non-banking financial institutions, such as money transmitters and check cashers, because FinCEN regulations about whom they cover are confusing, the report said. IRS also lacks a valid risk-based approach about which institutions to examine for compliance. IRS examined only a small fraction of the 3.5 percent of the non-bank financial institutions in its database in 2005.

In response, FinCEN said it has developed a comprehensive IT management improvement plan that emphasizes maturation of the bureau's IT governance processes and project management capabilities. It also is designing a long-term plan to coordinate activities with the IRS.

In related news, the Securities and Exchange Commission will provide FinCEN on a quarterly basis with anti-examination and enforcement information related to SEC-regulated firms' compliance with the Bank Secrecy Act. FinCEN, in turn, will provide assistance and analytical reports to the SEC.